Re: pipe problem

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Greg A. Woods
Date:  
À: Philip Hazel
CC: patl, Robert Black, David Blacka, Pete Ashdown, exim-users
Sujet: Re: pipe problem
[ On Mon, March 10, 1997 at 16:05:05 (+0000), Philip Hazel wrote: ]
> Subject: Re: pipe problem
>
> Exim has always used fork() + setuid() for all local delivery transport
> processes, both to pipes and files. There is no way you can configure it
> not to do this.


Sorry, I'd forgot about that....

> The only (optional) use of seteuid() is to become the exim user (rather
> than root) for the time from starting up to do deliveries to the time
> when it is necessary to become the local user before running the
> transport. Oh, yes, it may also use seteuid() when reading .forward
> files, it is true.


The .forward file was indeed the hook used in the smail compromise,
though I expect in exim the dangers would be far reduced to perhaps some
failure mode allowing some form of access to otherwise protected files,
such as /etc/shadow.

-- 
                            Greg A. Woods


+1 416 443-1734            VE3TCP            robohack!woods
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>